Examice

Exam SCS-C02 All QuestionsBrowse all questions from this exam

Question 166

A security administrator has enabled AWS Security Hub for all the AWS accounts in an organization in AWS Organizations. The security team wants near-real-time response and remediation for deployed AWS resources that do not meet security standards. All changes must be centrally logged for auditing purposes.

The organization has reached the quotas for the number of SCPs attached to an OU and SCP document size. The team wants to avoid making any changes to any of the SCPs. The solution must maximize scalability and cost-effectiveness.

Which combination of actions should the security administrator take to meet these requirements? (Choose three.)

Create an AWS Config custom rule to detect configuration changes to AWS resources. Create an AWS Lambda function to remediate the AWS resources in the delegated administrator AWS account.

Use AWS Systems Manager Change Manager to track configuration changes to AWS resources. Create a Systems Manager document to remediate the AWS resources in the delegated administrator AWS account.

Create a Security Hub custom action to reference in an Amazon EventBridge event rule in the delegated administrator AWS account.

Create an Amazon EventBridge event rule to Invoke an AWS Lambda function that will take action on AWS resources.

Create an Amazon EventBridge event rule to invoke an AWS Lambda function that will evaluate AWS resource configuration for a set of API requests and create a finding for noncompllant AWS resources.

Create an Amazon EventBridge event rule to invoke an AWS Lambda function on a schedule to assess specific AWS Config rules.

Correct Answer: A, C, D

To meet the requirements for near-real-time response, central logging, cost-effectiveness, and scalability, the security administrator should: 1. Create an AWS Config custom rule to detect configuration changes and use an AWS Lambda function for remediation. This aligns with the requirement for near-real-time response and adhering to security standards. 2. Create a Security Hub custom action referenced in an Amazon EventBridge rule in the delegated administrator account, which supports centralized remediation and logging. 3. Create an Amazon EventBridge rule that invokes an AWS Lambda function to take action on AWS resources, further ensuring responses to non-compliant configurations are immediate and scalable. This combination addresses the need for avoiding changes to service control policies (SCP) while maximizing efficiency and cost-effectiveness.

Discussion

aescudero51Options: ADE

My answer is A. Create an AWS Config custom rule to detect configuration changes to AWS resources. Create an AWS Lambda function to remediate the AWS resources in the delegated administrator AWS account. My answer is D. Create an Amazon EventBridge event rule to Invoke an AWS Lambda function that will take action on AWS resources. My answer is E. Create an Amazon EventBridge event rule to invoke an AWS Lambda function that will evaluate AWS resource configuration for a set of API requests and create a finding for noncompllant AWS resources.

aditOptions: ACD

acd are correct answer

sema2232

CDE are correct answers